dependency-review-action cannot find a license for dependency-review-action #182
Comments
Also experiencing this issue in some of my repos... looking forward to its resolution! =)
I'm finding this issue in testing this action, also. I tried importing a package with a proper EDIT
I peeked under the covers at the GitHub Action and it is pulling the license from the GitHub dependency-graph API.
For some packages, we're getting correct values (e.g.: {
"change_type": "added",
"manifest": "package-lock.json",
"ecosystem": "npm",
"name": "@joachimdalen/devui",
"version": "2.0.0-rc12",
"package_url": "pkg:npm/%40joachimdalen/devui@2.0.0-rc12",
"license": null,
"source_repository_url": "https://github.com/joachimdalen/DevUI",
"scope": "runtime",
"vulnerabilities": []
},
@jcasner Thanks for diving into this, to add further details: The API only returns licenses for the top N licenses for any given repo (not sure if N is the same for all ecosystems). I'm thinking that the best way to proceed here is to call the GitHub licenses API endpoint if
License detection was improved in the latest release of the Action by adding a fallback to GitHub's License API. Please re-open this issue if you're still experiencing problems.
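The fallback discussed in the two comments above, sketched as an added example (not the Action's own code and not written by any participant in this thread): when a dependency-graph entry has `"license": null`, validate its `source_repository_url` and ask the repository License API (`GET /repos/{owner}/{repo}/license`) instead. The function names, the injected `get` helper and the sample API response are assumptions.

```javascript
// Added example: names and the injected `get` helper are assumptions,
// not identifiers from dependency-review-action.

// Extract "owner/repo" from a github.com URL. The URL comes from package
// metadata, so anything that is not https://github.com/<owner>/<repo> is rejected.
function repoFromUrl(url) {
  let u;
  try { u = new URL(url); } catch { return null; }
  if (u.protocol !== "https:" || u.hostname !== "github.com") return null;
  const parts = u.pathname.replace(/\.git$/, "").split("/").filter(Boolean);
  const ok = /^[A-Za-z0-9_.-]+$/;
  if (parts.length < 2 || !ok.test(parts[0]) || !ok.test(parts[1])) return null;
  return `${parts[0]}/${parts[1]}`;
}

// Read the SPDX id from a License API response body.
// "NOASSERTION" means a license file exists but could not be classified.
function spdxFromResponse(body) {
  const id = body && body.license && body.license.spdx_id;
  return id && id !== "NOASSERTION" ? id : null;
}

// Resolve the license for one change entry. `get(path)` is an injected async
// function that performs the authenticated API call and returns parsed JSON.
async function resolveLicense(change, get) {
  if (change.license) return { license: change.license, source: "dependency-graph" };
  const repo = repoFromUrl(change.source_repository_url);
  if (!repo) return { license: null, source: "unknown" };
  try {
    const spdx = spdxFromResponse(await get(`/repos/${repo}/license`));
    return { license: spdx, source: spdx ? "license-api" : "unknown" };
  } catch {
    return { license: null, source: "unknown" }; // e.g. 404: nothing detected
  }
}

// Constructed sample: an entry shaped like the one quoted in this thread and a
// constructed API response (the "MIT" value is illustrative, not a real lookup).
const sampleChange = {
  name: "@joachimdalen/devui", license: null,
  source_repository_url: "https://github.com/joachimdalen/DevUI",
};
const fakeGet = async (path) => {
  if (path === "/repos/joachimdalen/DevUI/license") return { license: { spdx_id: "MIT" } };
  throw new Error("404");
};

resolveLicense(sampleChange, fakeGet).then((r) => console.log(r));
```

Keeping `source: "unknown"` distinct from a resolved license lets a policy check report undetected licenses separately instead of treating them as allowed or denied.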
I am encountering this issue, is there a workaround to prevent the tool from flagging itself? Thanks!
On the first run this Action did in one of my repositories (first time using it) I looked at the output and noticed a curious log (full logs here):
From what I can tell, this repository's license is present and well-formed (there's a LICENSE file, as well as the "license" entry in package.json, and GitHub displays the correct license in the UI). I'm not sure what exactly the problem is, but I would not expect this Action to log a "problem" with itself.